Election Hack

Voting Security

By Cutright Elizabeth on Sep 15, 2016 in Technology

With the presidential election only a few weeks away, questions swirl about the vulnerability of electronic voting machines.

Today’s voting systems run the gamut from punch cards to touchscreens. This November, three-quarters of U.S. voters will cast a paper ballot, but the other 25% are triggering concern. As electronic voting machines get older and less secure, the question becomes: just how safe is our vote?

Over at Wired, Brian Barrett investigates the vulnerabilities of America’s electronic voting machines. Though he makes sure to emphasize there’s “no evidence of direct voting machine interference to date,” he concedes the research is grim. Susceptibility to malware and denial of service attacks has repeatedly been demonstrated. In some cases, compromising an electronic voting machine could be as easy as jumping onto an unsecured Wi-Fi network.

Just last year Virginia decertified 3000 WINVote touchscreen voting machines when serious security problems were exposed, including “a poorly secured Wi-Fi feature for tallying votes.” At the time, Jeremy Epstein, a computer scientist with SRI International, noted, ““anyone with even a modicum of training could have succeeded,” including someone within a half-mile of a polling pace outfitted with “a rudimentary antenna built using a Pringles can.”

Hacking the Vote

Aging operating systems provide the biggest opportunity for would-be hackers. As Barrett explains, most electronic voting machines use some variation of Windows XP, which hasn’t received a security patch in over two years. Unfortunately, most of the voting computers are at least a decade old, and just not equipped to deal with a sophisticated attack.

“People weren’t thinking about voting system security or all the additional challenges that come with electronic voting systems,” Brennan Center’s Lawrence Norden tells Wired. “Moving to electronic voting systems solved a lot of problems, but created a lot of new ones.”

The Paper Trail

While the vulnerabilities of electronic voting machines are real and frightening, for the most part, fraud attempts can be easily thwarted through a simple paper trail. While plenty of states combine some form of paper and electronic ballots, most vote manipulation attempts can be quickly caught by comparing paper records against computerized vote tallies.

Unfortunately, the power of the paper trail lies in execution. Many states do not have formal voter assessment procedures in place. Even those required to by law to conduct post-election audits don’t necessarily conduct them effectively. The lack of concrete checks and balances can be blamed on lack of funding and political will, says Norden.

“The money’s not there right now,” says Norden. “We interviewed election officials who told us what they were hearing from their state legislators and others who would be funding this type of equipment, and they say come back to us after there’s some kind of crisis.”

Russian Interference

The recent Russian hack of DNC emails has once again put Russia in the spotlight, which, for security specialists like Ryan Maness, could be a blessing in disguise.

“Putin’s not very nice, but he’s not stupid,” Maness, a visiting fellow at Northeastern University who specializes in international cyber conflict and Russian foreign policy, tells Wired. “If they were going to mess with the voting machines and the vote-counting software, they wouldn’t have done the DNC hack.”

While foreign nations may sit this one out, three key swing states could still be seen as being in the line of fire. Overall, the threat is relatively small. Florida, Ohio and Pennsylvania all use voting machines that Barrett describes as being “in relatively good shape.” Even better news, both Florida and Ohio have audit requirements in place. Pennsylvania relies heavily on DREs, but even election officials in the state can deploy paper ballots if those machines are compromised.

The Danger of Uncertainty

Awareness of potential voting machine hacks may be enough to protect polls from outside manipulation as election officials hustle to establish effective security measures. Most of November’s votes will be cast on paper ballots, and the potential security flaws associated with electronic voting machines can easily be mitigated by simple audits and paper records. Nevertheless, security experts and election watchdogs say there’s reason to be concerned.

“Old equipment can have serious security flaws, and the longer we delay purchasing new machines, the higher the risk,” warns Norden. “To avoid a new technology crisis every decade, we must plan for and invest in voting technology for the 21^st century.”

While this year’s election should be relatively hacker-free, Barrett points out a more insidious consequence: doubt.

“Suspicion is the real danger of electronic voting systems,” Barrett writes. “If you can’t guarantee that there was no tampering—which not every state can—it might not matter if any actually took place. In the wrong hands, the doubt itself is damaging enough.”